Win32.Devir
Description Win32.Devir
This is a per-process memory resident parasitic poly-morphic Win32-virus. The virus infects PE EXE files that have .EXE filename extensions. When run, the virus infects files in current directory only.
The virus also stays in the system memory as a component of the infected host program, gains access to KERNEL functions and intercepts 10 of them: file opening, copying, moving functions, etc. When a PE EXE file is accessed by these functions, the virus infects it. As a result, the virus will infect all PE EXE programs that are accessed by infected the host program, and the virus will be active until the moment the host program exits. The virus also hooks, selecting a new directory function, and infects PE EXE files in there.
The PE EXE infection method is a complex and is similar to the Win32.Driller virus. The block of host file code that is overwritten by the virus poly-morphic routine in some cases may be also compressed during infection.
The virus also contains a backdoor routine that opens an Internet connection, waits for its author's instructions and then follows them: sends/receives files, executes programs, reports system information, etc.
The virus contains the following "copyright" text:
Intruder v.0.1 by Deviator//HAZARD
Check other viruses! Be aware! Use Antiviral Software
1stVir.3032
Description 1stVir.3032
This is harmless, memory resident parasitic virus. It hooks INT 9, 13h, 1Ch, 21h, and 28h. The virus writes itself to the end of COM and EXE files. When the file is executed, the virus stores its name, and infects that file on INT 1Ch or INT 28h calls. So the virus infects the file not at the same moment when the file is executed, but with some delay.
Other interrupt vectors the virus uses in its video effect: the virus changes the video mode, pages, cursor and mouse position, and displays the string "1st".
The virus contains the encrypted text strings:
EXECOM
1stVIR
1stVir.3173
Description 1stVir.3173
This is harmless, memory resident parasitic virus. It hooks INT 9, 13h, 1Ch, 21h, and 28h. The virus writes itself to the end of COM and EXE files. When the file is executed, the virus stores its name, and infects that file on INT 1Ch or INT 28h calls. So the virus infects the file not at the same moment when the file is executed, but with some delay.
Other interrupt vectors the virus uses in its video effect: the virus changes the video mode, pages, cursor and mouse position, and displays the string "1st".
The virus contains the encrypted text strings:
EXECOM
1stVIR
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Detox Thc
Seo Hositng
Mongolia Phone Cards
Reise Online Buchen
Pdf To Jpg
|